Bug Hunting Is Cybersecurity's Skill of the Future

The vast majority of white hat hackers who reported that they were looking for jobs in cybersecurity said that their bug hunting experience helped them land a job, according to Bugcrowd’s 2018 Inside the Mind of a Hacker report.

The report looked at the community of white hat hackers to better understand the skill sets and career aspirations of more than 750 security researchers and found that 41% of white hat hackers are self-taught. In addition, 80% of bug hunters said that their experience in bug hunting has helped them get a job in cybersecurity.

"Bug bounties have impacted my life by teaching me skills that I didn't know from doing traditional pentesting," said Phillip Wylie, a top-performing security researcher for Bugcrowd based out of Texas in today's press release. "I really enjoy being involved in the security and hacking community and I now teach ethical hacking at a community college. It's important to share knowledge in our community so we can push ourselves to be better."

“Cybersecurity isn’t a technology problem, it’s a people problem – and in the white hat hacker community there’s an army of allies waiting and ready to join the fight,” said Casey Ellis, founder and CTO at Bugcrowd in the release.

“Bug hunting is a perfect entry point for would-be infosecurity professionals to gain real-world experience, as well as for seasoned professionals to hone their skills and supplement their income. With cybercrime expected to more than triple over the next five years, bug hunting addresses the dire need for security skills at scale.”

A career in bug-hunting can be quite lucrative, with the research showing that the average total payouts for the top 50 hackers totaled around $150K, with the average submission payout coming in at $783. While hackers are finding and submitting plenty of bugs, 15% of hackers have the ambition of being a top security engineer at tech giants like Google and Facebook, yet only 6% have the desire to someday be a CISO.

Some hackers (24%) only spend an average of 6–10 hours a week bug hunting, which could be a function of the fact that more than half of the white hat hacker community are hunting bugs on top of their regular 9–5 positions.

The report also highlighted the continued gender imbalance that plagues the industry, with women representing a mere 4% of the global hacking community.